from the menu-driven-God-Mode dept

The Shadow Brokers -- having failed to live up to half their name -- released more NSA exploits last week when it became apparent no one was willing to purchase the exploits from them. This dump was far more interesting than previous releases, as it contained a large number of Windows exploits and -- for some -- a very handy, easy-to-use front end for malware deployment.

This dump probably ruined a few Easter weekends at Microsoft, but not nearly as many as was first presumed. While the exploits targeted older versions of Windows, they would have caused trouble for government and corporate networks still relying on those versions. Those targeting unsupported versions are the most dangerous, as those holes will never be patched. They're also the ones with the smallest user bases, so that mitigates the damage somewhat.

That’s a critical detail for the debate going on on Twitter and in chats about how shitty it was for SB to release these files on Good Friday, just before (or for those with generous vacation schedules, at the beginning of) a holiday weekend. While those trying to defend against the files and those trying to exploit them are racing against the clock and each other, it is not the case that the folks at NSA got no warning. NSA has had, at a minimum, 96 days of warning, knowing that SB could drop the files at any time.

The big question, of course, is whether NSA told Microsoft what the files targeted. Certainly, Microsoft had not fully responded to that warning, as hackers have already gotten a number of these files to work.

Unlike the CIA dump happening at Wikileaks, the NSA had a pretty good idea what was contained in the Shadow Brokers stash. Microsoft, however, says it was never contacted by the NSA or "any agency" about the exploits ahead of their release.

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.

The most interesting patch on the list is MS17-010, released March 14th. It patched several remote code execution holes in older Windows versions. These patches weren't applied to test machines, resulting in the mistaken conclusion these vulnerabilities hadn't been fixed.

But the patch notes say nothing about who disclosed the vulnerabilities, which makes it an anomaly. Microsoft's denial, combined with its blank "acknowledgements" page, suggests the NSA itself warned the company about the vulnerabilities. It seems unlikely Shadow Brokers would have given Microsoft a heads up, as it hadn't warned any other affected vendor up to this point.

If so, the Vulnerabilities Equity Process sort of works. I mean, the NSA held onto these as long as it could, but finally informed the affected party when it became apparent it might have to share its "exclusive" exploits with the rest of the world. Better late than never, and certainly better when delivered ahead of a very public disclosure.

What's in the latest dump is now mostly useless. But not completely useless. There are still plenty of machines running older Microsoft software that are still vulnerable, many of them possessed by corporations and government agencies. If the software is old enough, the security holes are permanent.

Not that those with the latest and greatest should rest easy. The NSA hasn't stopped producing and purchasing exploits. The SB stash was a few years old. Current Microsoft software remains under attack from state intelligence agencies and criminals. But this dump of tools shows just how powerful the NSA's toolkit is -- one made even more dangerous by its apparent ease of use. It makes exploit delivery possible for anyone, not just those with a very specific skillset.

from the carrots-taste-better-than-sticks dept

Spotify is pulling the plug on free access to some artists' newest releases, according to The Guardian. Currently, Spotify's 50 million paid users fork over £10/month to play their music offline without ads, but now they're also getting exclusive access to artists' biggest new releases. Meanwhile, Spotify's other 50 million free users have their access suddenly restricted.

This has been a major sticking point with some artists and labels for many years. They've long demanded that some music only be available to paying subscribers because the royalties shared there are much higher. With this new setup -- which Spotify loudly resisted for years -- Spotify benefits by paying fewer royalty fees to record labels, though those fees from free streaming were lower per stream than paid streams anyway. But it's the record labels that pushed this one through:

Labels believe the free tier, which pays lower royalties per stream, can serve to cannibalise other audiences, hitting album sales and lowering the incentive to upgrade to premium.

We've heard this argument before, and too many times. It's always some iteration of the following (choose one from each line):

Taylor Swift even invoked this argument when she recently pulled her songs from Spotify: "music is art, and art is important and rare. Important, rare things are valuable. Valuable things should be paid for. It's my opinion that music should not be free." Of course, Swift's fallacy is equating importance & value with rarity. Water, for example, is critically important and valuable… but also far from rare. Rare things are typically valuable because they are rare, but music that can be copied to every hard drive on the planet at no cost? The polar opposite of rare.

Will Spotify yanking access to newer releases actually encourage its free users to upgrade to a premium account? Not likely. As you may remember, the Copia Institute published a report on this very topic called The Carrot or The Stick? Innovation vs. Anti-Piracy Enforcement, and its key findings should be emailed to the CEOs of every record label:

In Sweden, the success of Spotify resulted in a major decline in the file sharing of music on websites like The Pirate Bay. A similar move was not seen in the file sharing of TV shows and movies... until Netflix opened its doors.

In response to rights holder complaints, the Korean government pressured popular music subscription service MelOn to double the price of subscriptions. Since the mandated increase, online music sites have seen a drop in the number of subscriptions as consumers move back to unauthorized means of access.

Strict criminal penalties in Japan for copyright infringement, enacted in 2012, didn’t prevent a steep 17% decline in CD sales, nor spur rapid adoption of streaming music services. Streaming services are starting to catch on in Japan, but only as their selection and convenience have improved significantly.

New Zealand passed the Copyright (Infringing File Sharing) Amendments Act, also known as “Skynet.” After enactment, there was a short-lived drop in illegal downloads over a two-month period (Aug.-Sept. 2011), but after that activity returned to previous levels.

Because Spotify's decision affects 50 million users, this move could create huge waves for both Spotify and the music industry as a whole, since it could encourage users to regress from free (and legal) methods to their familiar free (and illegal) methods. Most everyone knows you can type in "Taylor Swift discography torrent" into Google and get years of Taylor Swift's music in minutes without paying Spotify, record labels, or Taylor Swift. So what will happen when 50 million users you've been slowly leading away from piracy suddenly feel like they've been left out in the cold?

from the lego-my-movies dept

Back in 2014, much was made about piracy in Australia, specifically whether Aussies using VPN services to get the American flavor of Netflix should be more heavily combatted and how release windows for movies in Australia were pushing the public to pirate the film instead of waiting for it. While much of the conversation about Netflix was unfortunate, we did see some positive signs about release windows coming from distributors in Australia. One distributor, Village Roadshow, even had its CEO admit how badly a delayed-release window had boned them when it came to the wildly popular The Lego Movie.

Burke admitted last night that the delayed release of The Lego Movie in Australia after the release in the United States to coincide with the school holidays was a mistake.

"We made one hell of a mistake with Lego. It was an Australian film, we financed it together with Warner Brothers, it was made here in King's Cross. Because it was so important, we held it for a holiday period; it was a disaster," he said.

"It caused it to be pirated very widely, and as a consequence — no more. Our policy going forward is that all of our movies we will release day and date with the United States."

These kinds of revelations are a positive sign. Rather than shouting about piracy and copyright law, Burke realized that what spurred much of the piracy was his company's refusal to release the movie as soon as it became available. Instead, the company delayed the release to coincide with school holidays, theorizing that this would create a better opening for the film in Australia. The public, however, demonstrated that it would much rather see the film as soon as it should have been available, as it was heavily pirated in Australia.

So, lesson learned, right? Nooooooooope. Instead, Village Roadshow recently performed the exact same delayed-for-school-holidays release for a movie. The name of that movie? Lego Batman, because if you're going to do the exact opposite of what you pledged, you might as well make it as ironic a flipflop as possible.

AUSTRALIAN moviegoers were left with a bitter, yet familiar, taste in their mouth in December when the distributor of The Lego Batman movie announced it would have a delayed release date, premiering Down Under more than six weeks after it hits US cinemas.

According to the Village Roadshow CEO, “99 per cent” of the films distributed by the company line up with the US release date. But in this instance, they believe the loss of sales due to piracy will not outweigh the boon of the school holidays when Aussie families fork out at the box office.

So it's the exact same theory that the exact same CEO said didn't work a mere two years ago? Come on, guys. What has changed in two years to make them think it's going to be any different this time around? And, perhaps more importantly, what can the company possibly say when Lego Batman is being heavily pirated in the exact same way as The Lego Movie? It can't scream about piracy, or the public will simply refer them back to that thing they said two years ago when they admitted it was the fault of the delayed release. It can't pledge to kill the delayed windows, because it already did that and it turns out that it was a pledge worth nothing. Instead, Village Roadshow will be able to merely stay silent and not count the money it should have been making.

The statements coming from Burke this go around are far less encouraging.

“Yes, we will lose a lot to piracy, but the other side of the coin is the film is available when the audience that goes to these sort of films wants to see it,” he said. “When certain films go out in non-holiday periods, our audiences get very cross because the kids are not available to take them.”

Aside from the fact that this line of thinking didn't work with a nearly identical movie delayed in an identical way a mere two years ago, nothing about this statement makes sense. If you're losing a lot of viewers to piracy, that's because they don't want the release delayed. It can't be both that the film is heavily pirated and the public wants the delay causing the piracy. That makes zero sense.

I can't wait to see Burke's reaction in the window between the American release and the Australian release.

from the press-'play'-to-decloak dept

HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to its proprietary media formats.

Improperly-licensed media files will produce a pop-up, asking the user if they want to visit the originating site to obtain the rights to play the file. This pop-up also warns users that this is a great way to pick up malware if they're not careful. In these cases, computer users will likely be deterred from following through on the risky click.

But that only happens if it's not licensed properly. If it is -- an expensive process that runs about $10,000 -- then no warning appears, leaving users open to attack by malicious fake codec installers. What would be the point of these fake installers? One possible use for the exploitation of Windows DRM is the exposure of Tor users' information.

As these “signed WMV” files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning. For such an attack to work your target candidate must be running TorBrowser on Windows. When opening/downloading files, TorBrowser does warn you that 3rd party files can expose your IP address and should be accessed in tails.

The $10k price tag for proper licensing is a deterrent to small-time malware purveyors. But it would only be a drop in the bucket for a well-funded government agency and/or any NGOs they employ. It's basically the Network Investigative Technique the FBI deployed in the Playpen cases -- only one able to be buried inside media files which could be scattered around like mini-honeypots.

The DRM-based attack certainly wouldn't be limited to law enforcement agencies. It would also be deployed by spy agencies for use against terrorists (who love to share media files) and, unfortunately, by governments every bit as malicious as the software they're deploying. The exploit could just as easily be deployed to target dissidents, journalists, and other "enemies of the state" through booby-trapped, DRM-laden files that strip away anonymity while delivering information these entities might find intriguing/useful.

Underneath it all is Microsoft's apparently misplaced faith in properly-signed media files put together with its development kits. Rather than warn users that the redirect to the codec installer may still be risky despite the proper signature, Windows will automatically open a new browser instance and download the file with no further user interaction.

from the that-would-be-dumb dept

A thread on Reddit is getting a fair bit of attention today, claiming that Lenovo has set up some of its Yoga laptops to block anyone from installing Linux -- and a Lenovo representative then pointed the finger at Microsoft, saying that it's part of what Lenovo was required to do as part of the Microsoft "Signature Edition" Windows 10 program, though there are reasons to doubt this is true. What is clearly true is that there's a problem installing Linux on a bunch of Lenovo machines. Here's a giant thread on the problems (which apparently disappeared for a while, but is back as I write this). And here's another. And here's another. Some of these threads go back many months. But the issue that has suddenly made it big news is a comment supposedly from a Lenovo "product expert" that the company is forced to block it as a part of the Signature Edition program:

If you haven't heard of the Windows "Signature Edition," it's a program from Microsoft to offer a "clean" (read: no annoying bloatware) version of Windows. Think of it like a Google Nexus phone with a clean Android install, as compared to one from a carrier or handset maker stuffed with annoying bloatware you'll never use. The Signature Edition PCs have received some fairly glowing reviews -- and many (ironically given this story today) of the news stories about the Signature Edition program use the Lenovo Superfish malware fiasco as a reason for why people should look at a Signature Edition computer if they want to run Windows.

So, yeah, based on this storyline so far, you have Microsoft making a clean install of its operating system without bloatware (good idea!), but then being accused of making Lenovo design its BIOS to block the installation of Linux (bad idea!). There is at least some reasonable skepticism that the problem here is really because of the Microsoft Signature Edition program. First of all, Signature Edition computers are supposed to only be available directly via Microsoft's stores -- and the laptop that kicked this off was purchased at Best Buy. Also it wasn't labeled as a Signature Edition PC. And it's certainly not unheard of for low level employees in forums to post incorrect information -- and there is even some question as to whether or not the "Lenovo Product Expert" in the forum post above is even a Lenovo employee or a third-party contractor anyway.

So whether Microsoft is truly to blame here is still an open question. At the very least, it does seem like Lenovo has some questions to answer -- and one hopes that the company will be more forthright and honest than it was back during the Superfish episode when it basically lied through its teeth until it couldn't lie any more.

from the unavoidable-Redmond-umbilical dept

Last week we noted that while Windows 10 has generally seen good reviews in terms of spit and polish, there's growing concern that the OS is too nosy for its own good, and that the opt-out functionality in the OS doesn't really work. Even when you've disabled a number of the nosier features (like Windows 10's new digital assistant, Cortana), the OS ceaselessly and annoyingly opens an array of encrypted channels back to the Redmond mother ship that aren't entirely under the user's control.

Now some of the information being transmitted is purportedly harmless, and some of the problems appear to be overblown (like Windows 10 being banned from some BitTorrent trackers for fear of it reporting user piracy activity), but an operating system you can't fully control is still undeniably stupid and annoying. And it's a curious choice for a company intent on moving beyond the fractured Windows adoption of yesteryear and encouraging the lion's share of Windows users to hop on to a new platform.

Making matters worse, Microsoft now seems intent on retro-fitting its older operating systems (specifically Windows 7 and Windows 8.1) with many of the annoying, chatty aspects of Windows 10. GHacks has noticed that four updates to the older operating systems, described as an "update for customer experience and diagnostic telemetry," connect to vortex-win.data.microsoft.com and settings-win.data.microsoft.com. These addresses are hard-coded to bypass the hosts file, and ferry all manner of personal information back to Microsoft.

Fortunately, it appears that users in this instance can configure Windows firewall and routers to block the traffic, and users can avoid much of the snooping by opting out of the Customer Experience Improvement Program (CEIP):

"The concern with the new Diagnostic Tracking service is much the same as with Windows 10's tracking: it's not clear what's being sent, and there are concerns that it can't be readily controlled. The traffic to Microsoft's servers is encrypted, sent over HTTPS, so it can't be easily examined. While the knowledge based articles describing the new service list the DNS names of the servers that the service connects to, there are reports that the service ignores the system HOSTS file. As such, a traditional and simple method for redirecting the traffic doesn't work.

However, we're not sure just how big an impediment this is in practice; in our testing of Windows 8, the builtin Windows Firewall, for example, is more than capable of blocking the traffic, and this appears to be working entirely as it should. Disabling the service is also effective for those who don't trust its behavior."

Still, it's annoying that Microsoft continues to insist on expanding this kind of OS behavior, without making opting out simple and comprehensive. And it certainly doesn't exactly deflate arguments by folks like Richard Stallman, who consistently argue that Windows is effectively malware. More than anything though, it's a continued advertisement for Linux and operating systems that the end user actually has some degree of control over.

from the not-learning-any-lessons dept

It looks like Lenovo may not have learned much from February's Superfish shenanigans. If you recall, Lenovo was busted for stealthily installing adware on consumer laptops. Worse, the Superfish adware in question opened up all Lenovo customers to man-in-the-middle attacks by faking the encryption certificate for every HTTPS-protected site customers visited. When pressed, Lenovo idiotically denied there was any security threat introduced by faking encryption certs solely for the sake of pushing ads.

"I had this happen to me a few weeks ago, on a new Lenovo laptop, doing a clean install with a new SSD, Win 8 DVD + wifi turned off. I couldn't understand how a Lenovo service was installed and running! Delete the file and it reappears on reboot. I've never seen anything like this before.
Something to think about before buying Lenovo. I searched and found almost nothing about this, so it may be something they started doing in the last few months."

Apparently, Lenovo's using a Windows function called Microsoft Windows Platform Binary Table (WPBT), originally designed to help simplify the installation of proprietary drivers and anti-theft software (obviously since any smart thief would do a clean install relatively quickly after theft). Except in this case, Lenovo's using it as a method to force the laptop to phone home to Lenovo servers so adware can be installed.

Basically, before booting Windows, the Lenovo Service Engine (LSE) built into the laptop's firmware replaces Microsoft's copy of autochk.exe with Lenovo's version. Lenovo's version then ensures that LenovoUpdate.exe and LenovoCheck.exe are present in Windows' system32 directory, with full administrative rights. Lo and behold, you then get Lenovo crapware -- and a machine that phones home to Lenovo servers -- even if you think you've avoided such practices via what you incorrectly assumed was a truly clean OS install.
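A defender-side check for the mechanism described above, as an added example that is not part of the original article and not Lenovo's or Microsoft's code: it parses a WPBT ACPI table and reports whether firmware is handing Windows a binary to run at boot. The field layout is taken from Microsoft's published WPBT format and is an assumption here; the sample table is constructed, and on Linux a real table, when the firmware publishes one, is exposed at /sys/firmware/acpi/tables/WPBT.

```python
"""Inspect a WPBT ACPI table (added example; layout assumed from Microsoft's WPBT format)."""
import os
import struct
from dataclasses import dataclass

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")            # handoff size, handoff address, layout, type, args length
FIXED_LEN = ACPI_HEADER.size + WPBT_BODY.size  # 52 bytes before the argument string


@dataclass
class WpbtInfo:
    oem_id: str
    oem_table_id: str
    checksum_ok: bool
    handoff_size: int      # size in bytes of the binary the firmware hands to Windows
    handoff_address: int   # physical address of that binary (it is not stored in the table)
    content_layout: int
    content_type: int
    arguments: str         # command line passed to the binary (UTF-16)


def parse_wpbt(raw: bytes) -> WpbtInfo:
    """Parse and validate one WPBT table; raises ValueError on malformed input."""
    if len(raw) < FIXED_LEN:
        raise ValueError("table too short to be a WPBT")
    sig, length, _rev, _cksum, oem_id, oem_table_id, _orev, _cid, _crev = \
        ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length < FIXED_LEN or length > len(raw):
        raise ValueError("declared table length is inconsistent with the data")
    table = raw[:length]
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    if FIXED_LEN + arg_len > length:
        raise ValueError("argument string runs past the end of the table")
    args = table[FIXED_LEN:FIXED_LEN + arg_len].decode("utf-16-le", errors="replace")
    return WpbtInfo(
        oem_id=oem_id.decode("ascii", errors="replace").strip("\x00 "),
        oem_table_id=oem_table_id.decode("ascii", errors="replace").strip("\x00 "),
        checksum_ok=sum(table) % 256 == 0,  # ACPI rule: all table bytes sum to 0 mod 256
        handoff_size=size,
        handoff_address=addr,
        content_layout=layout,
        content_type=ctype,
        arguments=args.rstrip("\x00"),
    )


def assess(info: WpbtInfo) -> list:
    """Return findings a reviewer would want before trusting a 'clean' install."""
    findings = []
    if not info.checksum_ok:
        findings.append("checksum mismatch: table is corrupt or was modified")
    if info.handoff_size:
        findings.append(
            f"firmware ({info.oem_id}) publishes a {info.handoff_size}-byte binary at "
            f"0x{info.handoff_address:x}; Windows runs it at boot even after a reinstall")
    # Assumption: layout 1 = single PE image, type 1 = native user-mode application.
    if (info.content_layout, info.content_type) != (1, 1):
        findings.append("layout/type values differ from the documented (1, 1) pair")
    return findings


def load_from_linux_sysfs(path="/sys/firmware/acpi/tables/WPBT"):
    """Return the raw table on Linux (needs root), or None if firmware publishes none."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def build_sample_wpbt() -> bytes:
    """Constructed sample table with made-up OEM strings, address and arguments."""
    args = "example-arg".encode("utf-16-le") + b"\x00\x00"
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    header = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                              b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) & 0xFF  # checksum byte sits at offset 9 of the header
    return bytes(table)


if __name__ == "__main__":
    raw = load_from_linux_sysfs() or build_sample_wpbt()
    info = parse_wpbt(raw)
    print(info)
    for finding in assess(info):
        print("finding:", finding)
```

No WPBT table at all is the result to hope for on a machine that is supposed to boot only what was installed on its disk.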

You'll be shocked to learn that this practice isn't particularly secure. Back in April, security researcher Roel Schouwenberg found and reported that a buffer-overflow vulnerability in the LSE (not to mention insecure network transmission) could easily be exploited by hackers. Once Lenovo learned of the security risk, and likely received a wrist slap from Redmond for running afoul of Microsoft's security standards regarding WPBT, Lenovo very quietly backed away from the practice last June, then released tools for laptops and desktops to aid in the removal of the LSE.

Clearly, since users are only just in August realizing this problem exists, Lenovo did a wonderful job communicating the issue to its customers. Lenovo now says that any computer sold since June should not include this stealth crapware install mechanism, but somehow it still thought it was a great idea to employ this technology between October 2014 and April of this year. While Microsoft's WPBT may be well-intentioned, it's also hard to see how it couldn't foresee the potential pitfalls of letting third parties use the BIOS to inject additional software into a fresh install (regardless of whatever "guidelines" they've belatedly attached).

Meanwhile, on the heels of the Superfish scandal, it's becoming pretty clear that customers who want actual control of the hardware they own might just want to steer clear of Lenovo until the company wises up.

from the boom-shakalakah! dept

Windows: the still-dominant operating system is the 800 lbs. gorilla, so one fully expects to see tons of insult-darts shot at the thing to try and tranquilize it. And, in the age of technology fan-boy-ism, some techie folks are big on drawing lines in the sand and loudly proclaiming the superiority of one piece of software over another. But, still, when your German basketball team faces relegation into a lower class of league because a Windows laptop crashed and then ran an update just before game time, you can kind of understand if they're pissed off about it.

The March 13 match between the Chemnitz Niners and the Paderborn Baskets was set to begin normally, when Paderborn (the host) connected its laptop to the scoreboard in the 90 minutes leading up to the game. In an interview with the German newspaper, Die Zeit (Google Translate), Patrick Seidel, the general manager of Paderborn Baskets said that at 6:00pm, an hour and a half before the scheduled start time, the laptop was connected "as usual."

"But as both teams warmed up, the computer crashed," he said. "When we booted it again at 7:20pm, it started automatically downloading updates. But we did not initiate anything."

After all the updates were installed, Paderborn was ready to start the game at 7:55pm.

Oops. Paderborn ended up winning the game, but Chemnitz filed a protest, arguing that the delay in starting the game constituted a violation and that Paderborn ought to be penalized. The league agreed, taking a point in the standings away from Paderborn, which lowered its rankings such that it now faced relegation. Relegation, for you Americans who aren't Premier League Soccer fans, is a shift in which leagues a team plays in based on the year's performance. For Paderborn, this will mean not even being able to play at the championship level next year, instead being forced to play in the lower "ProB" league.

Seidel is pissed, of course.

"You can’t blame Chemnitz," Seidel added. "But as an athlete and a man, let me of course tell you something else. We beat Chemnitz twice in sportsmanlike, tight games. Therefore, this entire issue has nothing to do with sports."

Nope, just a Windows update costing you a potential championship next year. N00bs.

from the don't-overlook-the-self-inflicted-wounds dept

Being a good Australian means waiting weeks or months for movies or software and then paying an exorbitant amount for them. It took all the way until 2013 for the Australian government to finally allow its adult gamers to buy games for adults, after years of deciding that if the content was too harsh for the (government's idea of a) 15-year-old's sensibilities, then no one could have it.

All sorts of IP-reform discussions by rights holders and government reps have taken place over the last several months. Not included (much): the public, which is expected to purchase content and abide by the new rules, whatever they end up being. The foremost subject is still piracy, despite the fact that the business model(s) suck. (See also: the Australian Tax.)

The US streaming-video giant is rumoured to be launching in Australia in 2015, and ZDNet has reported that the company is already negotiating with content owners to obtain rights for the content that would be in the Netflix library should it launch in Australia.

Until then, the common industry wisdom is that roughly 200,000 Australians are currently subscribed to Netflix, using virtual private network services to make their IP address appear in the US to get around the geoblock, while paying for the service using Australian credit cards and entering in a US post code when signing up for the account.

This would seem to be an encouraging sign: Australians are going out of their way to pay for content. But that's not how Freudenstein sees it.

Freudenstein, whose company owns the licences for much of the content that Netflix would want to include in its library for an Australian launch — including Netflix's own shows Orange is the New Black and House of Cards — told ZDNet after the forum that Netflix has no right to be selling services to Australians without the rights agreements in place.

"I'm opposed because Netflix doesn't have the rights to sell those shows in Australia," he said.

"It's a contractual issue. We have the rights to those shows in this country, Netflix is not paying for those shows in this country, they shouldn't be able to show them."

While this may be a legitimate gripe, it only further highlights the convoluted travesty that is international rights management. It's not enough to get the OK from parent companies. You have to haggle with every other intermediary between your service and the end users.

On the plus side, Freudenstein at least sees this as a rights holder problem rather than a government problem, saying that rights holders need to pressure Netflix and its illicit users, rather than seek a legislative remedy. But that's only as far as Netflix is concerned. Rather than allow the content industry to handle its own distribution shortcomings, Freudenstein thinks this area needs more government attention.

Freudenstein said that shows like Game of Thrones are played on Foxtel within two hours of airing in the US, but that such responses aren't enough; the government needs to step in and encourage ISPs to help reduce copyright infringement in Australia.

"If we sit and wait, and we don't introduce some schemes soon, there won't be an industry," he said.

He also said this, which puts him squarely on the other side of the divide between the rights holders and their intended audience.

"There will be a lot more cats on skateboards; we'll have a lot less Game of Thrones."

Because only major companies make anything worth watching, listening to, etc. Belittling the creative efforts of others is a terrible way to create interest in your own. Those representing legacy industries continue to pretend there's a massive gap in quality between their output and the general public's. They ignore how quickly that gap has closed in recent years and how that trend will only continue. So, they create a false dichotomy in order to talk legislators and gullible members of the public into siding with the plan to turn ISPs into copyright police: it's either Game of Thrones or cat videos. There's no middle ground.

More positively, Village Roadshow's co-CEO Graham Burke stepped up to admit his company had badly mishandled distribution of one of last year's biggest blockbusters.

Burke admitted last night that the delayed release of The Lego Movie in Australia after the release in the United States to coincide with the school holidays was a mistake.

"We made one hell of a mistake with Lego. It was an Australian film, we financed it together with Warner Brothers, it was made here in King's Cross. Because it was so important, we held it for a holiday period; it was a disaster," he said.

"It caused it to be pirated very widely, and as a consequence — no more. Our policy going forward is that all of our movies we will release day and date with the United States."

Better distribution won't eliminate piracy but it can put a dent in it. Comments delivered at this forum by Spotify indicated that the introduction of its service resulted in a 20% drop in file sharing. The (official) introduction of Netflix should have the same sort of effect. Simultaneous worldwide releases will also chip away at infringement.

The problem is that the rights holders pushing for government intervention have unrealistic aspirations. They want something closer to a complete elimination of copyright infringement, something that will never, ever be possible no matter how draconian the legislation. They're unwilling to accept a reality where a certain amount of infringement will always occur and that business models that decrease piracy will never carry the same margin as selling individual plastic discs.

from the wtf dept

The NY Times has a slightly odd op-ed piece, written by Eamonn Fingleton, author of a book about how China is going to dominate the US economically. That may absolutely be true, but this op-ed tries to bend over backwards to prove that China will be more innovative than the US... and uses patents as a proxy:

Meanwhile the evidence of international patent filings is looking increasingly ominous. According to data compiled by the World Intellectual Property Organization, the world’s single most prolific filer of international patents as of 2011 was ZTE, a Chinese telecommunications corporation. Its filings were up an astounding fivefold from 2009. Another Chinese corporation, Huawei, moved up to third in the 2011 league table. The only United States corporation to make the Top 10 was Qualcomm.

First of all, the number of patents filed is meaningless. You can file a ton of patents and it means absolutely nothing concerning innovation. For one thing, applications are different from granted patents. Second, and more importantly, patents show no relation to innovation. Third, when it comes to Chinese patents, the Chinese realized long ago that patents are merely a tool for protectionist tariff-like policies that can be enacted with less scrutiny or trade war issues and have acted accordingly. Basically, nothing in the paragraph above actually supports Fingleton's argument.

But, then it gets much, much worse. He claims that the US somehow has a weaker patent system today than in the past (it doesn't) and then quotes another author claiming that Apple and Microsoft relied on strong patents to survive when they started out:

All this is the more troubling because United States patent law has now been drastically weakened. Congress has made it much harder for small American inventors to protect their intellectual property from infringement and theft.

Pat Choate, the author of “Hot Property,” a book on the theft of intellectual property, maintains that if the new patent regimen had existed when corporations like Apple and Microsoft first got going, they might never have made it out of the little leagues. Their patents would have been quickly infringed by predatory larger corporations, and rather than engage in unequal litigation battles against deep-pocketed and ruthless opponents, they could have felt forced to share their technology on concessionary terms.

Almost nothing in what's said above bears any resemblance to the truth. The patent system hasn't been "drastically weakened" at all. Congress made some slight modifications to the patent system, which do nothing to make it harder for "small inventors to protect their intellectual property from infringement and theft."

As for the claims made by Pat Choate, I'm just left shaking my head. First of all, both Apple's and Microsoft's key success stories came from copying the works of other, larger companies when those companies failed to recognize what they had on their hands, and more or less let the upstarts take those ideas and run with them. Also, in both cases, other, larger companies did come in and try to copy them, and weren't that successful. Also, more importantly, neither company aggressively relied on patents to protect its works. Bill Gates famously said the following about patents:

If people had understood how patents would be granted when most of today's ideas were invented, and had taken out patents, the industry would be at a complete standstill today. I feel certain that some large company will patent some obvious thing related to interface, object orientation, algorithm, application extension or other crucial technique. If we assume this company has no need of any of our patents then they have a 17-year right to take as much of our profits as they want.

Not exactly an example of Microsoft using patents to protect itself, but rather quite the opposite. Apple, in the meantime, relied heavily on ideas from Xerox and SRI in making its early computers -- some of which it licensed, and some of which it did not. However, much of the work was not heavily patented and while Apple received some early patents, it did little to enforce those patents to stop copycats (its most famous lawsuit, against Microsoft for copying the Windows interface, focused on copyright... and it failed, anyway).

You could easily argue that if Microsoft and Apple were started today they would absolutely be harmed by today's patent system, but not in the way that Choate or Fingleton suggest. Rather, they would be sued by trolls over and over and over again, meaning they'd be wasting money fighting lawsuits, and possibly wouldn't be able to survive that. What they needed to survive was an era in which patent enforcement was not common and especially one where patents were considered inapplicable to software.

Microsoft and Apple became massive success stories in part because of the weakness of the patent system in their era, because patents don't help innovation, they put a tollbooth on it. This article certainly puts a huge question mark over the quality of both Choate's and Fingleton's work, as it shows little actual knowledge of the subject they're discussing.